Help debugging connectivity issue when using wstunnel for WireGuard with IP forwarding

[3ynm]

I am able to connect to WireGuard through wstunnel, but for some reason that I'm unable to point out, I can't access to some specific websites. I don't think it's a DNS issue as I can't connect even when using the IP directly.

Here is a snippet with my full config: https://pastebin.com/eFwWGBJF

I start services with systemctl start wws on both ends.

Sites I cannot connect to: ddg.co github.com
Sites I can connect to: 1.1.1.1 archlinux.org pastebin.com google.com

I have perfect connectivity when not using wstunnel.

[erebe]

Like that I can't tell, your config seems right to me.

Try to set the dns in your client config, lile https://github.com/erebe/personal-server/blob/79ade66f4e59b737b6d4a55712ed3b1626555ac8/nodes/laptop/wireguard/wgall.conf#L4,

and after try to debug to see where your traffic is being terminated (dig, ip get route, tracepath/traceroute, curl,...)

But the issue is unlikely related to wstunnel.

[3ynm]

I don't really have any idea on how to troubleshoot this. I tried looking with mtr but everything seems fine. Also tried connecting from different networks to the "server", and I have the same problem.

curl say's it connects but is unable to get an answer from a TLS handshake:

[~]$ curl -v https://github.com
* Host github.com:443 was resolved.
* IPv6: (none)
* IPv4: 20.201.28.151
*   Trying 20.201.28.151:443...
* Connected to github.com (20.201.28.151) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none

It just stays like that forever.

I also captured that curl interaction with tcpdump on both ends. Here is the log: https://pastebin.com/k7uuzccn

[3ynm]

Turns out it was a problem with MTU. I've set it to 1280 and it works fine.